Overview
Explore the ZombieLoad attack, a powerful vulnerability affecting most Intel CPUs, in this 56-minute conference talk from the 36C3 event. Learn how this attack allows leaking data from various sources, including user processes, kernels, secure enclaves, and even across virtual machines. Discover why ZombieLoad remains effective even on CPUs with Meltdown fixes. Examine the attack's relationship to the original Meltdown vulnerability and compare it to other microarchitectural data-sampling (MDS) attacks. Witness live demonstrations of ZombieLoad's capabilities, including monitoring browsing behavior, stealing cryptographic keys, and leaking root-password hashes on Linux. Discuss the challenges in mitigating ZombieLoad and its implications for hardware vendors, software vendors, and users. Gain insights into the future of Meltdown attacks and potential countermeasures through this comprehensive presentation by security researchers Michael Schwarz, Moritz Lipp, and Daniel Gruss.
Syllabus
Intro
Introduction
Welcome
Daniel Goose
Cache
Meltdown Attack
Technical Details
Future Work
ZombieLoad Cache
Domino Attack
Credit Card Attack
Variants
Mitigation
No Variants
Fast Variant
Time Line
Faults
Conclusion
Questions
Taught by
media.ccc.de